[Mesa-dev] [PATCH 0/9] Enable gcc's undefined behaviour sanitizer

Nicolai Hähnle nhaehnle at gmail.com
Sat Apr 30 07:24:28 UTC 2016


Hi,

this patch series enables the use of gcc's -fsanitize=undefined in Mesa and
fixes the bulk of reported issues in basic examples like glxgears. However,
many issues remain, and some of them in the GLSL compiler look like they could
be real - see below for a sampling.

By "enables the use" I mean that (a) it fixes a compiler error that only
happens with ubsan enabled, at least on gcc 5.3.1 and (b) it fixes a bunch
of undefined behaviour (bad casts) that causes ubsan runs to crash with a
segfault in the implementation of dynamic_cast.

The bulk of the other fixes in this series are benign "left-shift into sign
bit" fixes. In particular, that's what the giant gallium/radeon patch (7/9,
probably too big for the mailing list) is about - that patch was generated
mechanically.

If you want to try this out yourself, you need to add -fsanitize=undefined
to CFLAGS, CXXFLAGS, and LDFLAGS. You need a fairly recent libtool as well
(the one that comes with Ubuntu 16.04 works for me, but I had to re-autogen),
otherwise the option will be "helpfully" removed from the linker flags and
linking will fail.

You can find the entire series at https://cgit.freedesktop.org/~nh/mesa/log/?h=ubsan
Please review!

Thanks,
Nicolai
--
Here are a bunch of issues reported when running piglit's
arb_shader_image_load_store-level - all of them are about objects being cast
to the wrong type, and subsequent consequences:

../../../../mesa/src/compiler/glsl/ir_function.cpp:376:40: runtime error: downcast of address 0x0000026c3e00 which does not point to an object of type 'ir_variable'
0x0000026c3e00: note: object is of type 'ir_dereference_variable'
 00 00 00 00  28 4a d9 c3 66 7f 00 00  28 93 cd 64 ff 7f 00 00  20 93 cd 64 ff 7f 00 00  02 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'ir_dereference_variable'
../../../../mesa/src/compiler/glsl/ir_function.cpp:381:25: runtime error: member access within address 0x0000026c3e00 which does not point to an object of type 'ir_variable'
0x0000026c3e00: note: object is of type 'ir_dereference_variable'
 00 00 00 00  28 4a d9 c3 66 7f 00 00  28 93 cd 64 ff 7f 00 00  20 93 cd 64 ff 7f 00 00  02 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'ir_dereference_variable'
../../../../mesa/src/compiler/glsl/opt_dead_builtin_variables.cpp:38:32: runtime error: downcast of address 0x00000230eeb0 which does not point to an object of type 'ir_variable'
0x00000230eeb0: note: object is of type 'ir_function'
 00 00 00 00  70 4c d9 c3 66 7f 00 00  48 e6 76 02 00 00 00 00  08 2b 77 02 00 00 00 00  0a 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'ir_function'
../../../../mesa/src/compiler/glsl/ir_function.cpp:65:53: runtime error: downcast of address 0x00000230bf80 which does not point to an object of type 'ir_rvalue'
0x00000230bf80: note: object is of type 'ir_variable'
 00 00 00 00  e0 47 d9 c3 66 7f 00 00  48 c0 30 02 00 00 00 00  28 c4 30 02 00 00 00 00  07 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'ir_variable'
../../../../mesa/src/compiler/glsl/ir_function.cpp:67:34: runtime error: member access within address 0x00000230bf80 which does not point to an object of type 'ir_rvalue'
0x00000230bf80: note: object is of type 'ir_variable'
 00 00 00 00  e0 47 d9 c3 66 7f 00 00  48 c0 30 02 00 00 00 00  28 c4 30 02 00 00 00 00  07 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'ir_variable'
../../../../mesa/src/mesa/state_tracker/st_glsl_to_tgsi.cpp:3525:26: runtime error: downcast of address 0x0000022eaa40 which does not point to an object of type 'ir_dereference'
0x0000022eaa40: note: object is of type 'ir_swizzle'
 00 00 00 00  20 48 d9 c3 66 7f 00 00  08 20 31 02 00 00 00 00  f8 1e 31 02 00 00 00 00  05 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'ir_swizzle'
../../../../mesa/src/mesa/state_tracker/st_glsl_to_tgsi.cpp:3548:29: runtime error: downcast of address 0x0000045a7d00 which does not point to an object of type 'ir_dereference'
0x0000045a7d00: note: object is of type 'ir_constant'
 00 00 00 00  f0 4c d9 c3 66 7f 00 00  28 86 59 04 00 00 00 00  18 85 59 04 00 00 00 00  03 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'ir_constant'
../../../../mesa/src/mesa/state_tracker/st_glsl_to_tgsi.cpp:3554:29: runtime error: downcast of address 0x000004a47d10 which does not point to an object of type 'ir_dereference'
0x000004a47d10: note: object is of type 'ir_swizzle'
 00 00 00 00  20 48 d9 c3 66 7f 00 00  58 bf 9c 04 00 00 00 00  08 60 a5 04 00 00 00 00  05 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'ir_swizzle'

--
 src/compiler/glsl/ir.cpp                     |    5 +-
 src/compiler/glsl/list.h                     |  122 +-
 src/compiler/glsl/opt_dead_code_local.cpp    |    7 +-
 src/compiler/glsl/opt_tree_grafting.cpp      |    5 +-
 src/gallium/auxiliary/tgsi/tgsi_ureg.c       |    2 +-
 src/gallium/auxiliary/util/u_pack_color.h    |    2 +-
 src/gallium/auxiliary/util/u_pstipple.c      |    2 +-
 src/gallium/drivers/r600/eg_sq.h             |  316 +-
 src/gallium/drivers/r600/evergreend.h        | 1104 ++---
 src/gallium/drivers/r600/r600_opcodes.h      |   12 +-
 src/gallium/drivers/r600/r600_pipe.h         |    6 +-
 src/gallium/drivers/r600/r600_sq.h           |  246 +-
 src/gallium/drivers/r600/r600d.h             | 1804 +++----
 src/gallium/drivers/r600/r700_sq.h           |  246 +-
 .../drivers/radeon/r600_pipe_common.h        |    8 +-
 src/gallium/drivers/radeon/r600d_common.h    |  108 +-
 src/gallium/drivers/radeon/radeon_uvd.h      |    6 +-
 src/gallium/drivers/radeonsi/si_state.c      |    6 +-
 .../drivers/radeonsi/si_state_shaders.c      |    4 +-
 src/gallium/drivers/radeonsi/sid.h           | 4122 ++++++++--------
 .../drivers/softpipe/sp_quad_stipple.c       |    4 +-
 src/mesa/main/mtypes.h                       |   60 +-
 src/mesa/main/uniforms.c                     |    2 +-
 src/mesa/state_tracker/st_mesa_to_tgsi.c     |    2 +-
 src/mesa/state_tracker/st_program.c          |    4 +-
 25 files changed, 4117 insertions(+), 4088 deletions(-)
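
The "downcast of address ... which does not point to an object of type" reports quoted above come from an unchecked static_cast on a polymorphic pointer. The following is an added example, not code from Mesa or from this series: a constructed miniature IR whose names (Node, VariableNode, DerefVariableNode, as_variable, referenced_variable, count_variables) are all hypothetical, showing the cast ubsan flags next to a tag-checked form.

```cpp
// Added illustration, not Mesa code: every type and function name is hypothetical.
#include <cstddef>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

enum class NodeKind { Variable, DerefVariable, Constant };

struct Node {
    explicit Node(NodeKind k) : kind(k) {}
    virtual ~Node() = default;
    const NodeKind kind;  // set once at construction, checked before any downcast
};
struct VariableNode : Node {
    explicit VariableNode(std::string n)
        : Node(NodeKind::Variable), name(std::move(n)) {}
    std::string name;
};
struct DerefVariableNode : Node {
    explicit DerefVariableNode(const VariableNode *v)
        : Node(NodeKind::DerefVariable), var(v) {}
    const VariableNode *var;
};

// Unchecked form, reported by ubsan's vptr check when n is some other node type:
//     const VariableNode *v = static_cast<const VariableNode *>(n);
// Checked form: test the tag first and return nullptr on a mismatch.
const VariableNode *as_variable(const Node *n) {
    return (n && n->kind == NodeKind::Variable)
               ? static_cast<const VariableNode *>(n) : nullptr;
}
// Accept either a variable or a dereference of one; anything else is rejected.
const VariableNode *referenced_variable(const Node *n) {
    if (const VariableNode *v = as_variable(n)) return v;
    if (n && n->kind == NodeKind::DerefVariable)
        return static_cast<const DerefVariableNode *>(n)->var;
    return nullptr;
}
// Walk a mixed node list, touching only nodes that really are variables.
std::size_t count_variables(const std::vector<const Node *> &list) {
    std::size_t n = 0;
    for (const Node *node : list)
        if (as_variable(node)) ++n;
    return n;
}
int main() {
    VariableNode v("color");    // constructed sample nodes
    DerefVariableNode d(&v);
    Node c(NodeKind::Constant);
    std::printf("%zu variable(s)\n", count_variables({&v, &d, &c}));
    return referenced_variable(&d) == &v ? 0 : 1;
}
```
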


